Unable to sign with Trezor: device does not have a matching signing key

[tgibson11]

Describe the bug I have a multisig wallet with a Trezor as one of the keys. When I try to sign a transaction with the Trezor, I get the error "device does not have a matching signing key".

To Reproduce Steps to reproduce the behavior:

1. Add new device. Select Trezor. Edit derivation paths: remove the defaults. Add custom derivation: m/49/0/2. Add [derivation path]. Done [editing derivation paths]. Get via USB. Do the things with the Trezor. Appears to work successfully.

2. Add 2 more devices. Any should do (I think).

3. Add new wallet. Multisignature wallet. Select the 3 devices, one of which is the Trezor. Give the wallet a name. Select Nested Segwit. Create wallet.

4. Go to the wallet. Send. New [transaction]. Scan recipient address. Set BTC amount. Reduce fee amount. Select a specific UTXO. Create unsigned transaction.

5. Sign transaction with your...Trezor. Enter PIN. Enter passphrase (blank).

6. Error: "the selected device does not have a matching signing key"

Expected behavior Well, the transaction should be signed successfully

Screenshots eh...screenshots are lot of work, but let me know if there is anything you'd like to see

Desktop (please complete the following information):

• Where is your node running: another computer on my local network
• Where is your specter running: my laptop
• If you're running a binary, which OS: Linux
• Browser: umm, I have a few installed...not sure why this would be relevant
• Specter Version 1.13.1

Additional context

I'm testing sovereign recovery of a Casa wallet. Signing with the Trezor works fine via the Casa app. So it seems like there is some difference with how Specter is constructing the PSBT, or how Specter interfaces with the device.

One of the other keys in my wallet is a Coldcard, and I can sign transactions successfully with that, so the issue seems specific to the Trezor.

[tgibson11]

I've narrowed this down substantially from my initial report.

The issue is definitely with the passphrase. I don't use a passphrase on my Trezor, so when Specter prompts for it, I leave it blank and click Submit. That seems to work fine when adding the device, but not when signing a transaction.

I exported the wallet from Specter into Sparrow. It also had a problem with the passphrase, but it told me, and it provided an option to disable the passphrase on the Trezor. After doing that, I was able to sign successfully from Sparrow. And then I was also able to sign from Specter.

[moneymanolis]

I could reproduce this issue.

Quick fix was to disable passphrase as described by @tgibson11, this can be done via command line, too: Install trezorctl via pip install trezor and run trezorctl disable-passphrase. Will discuss @stepansnigirev further steps for our UI.

You can also turn off the passphrase feature in Specter, here under "Toggle device passphrase":

[moneymanolis]

@prusnak before we work here on an internal solution in Specter Desktop, I wanted to double check with you: Did you perhaps change here sth. on the firmware side where the combination of entering empty passphrases and having passphrase enabled on the Trezor device are "not allowed" / don't reveal the fingerprint of the device? Currently, the signing flow in Specter Desktop ends because no fingerprint is delivered from the device. I couldn't find any related issues in your repo. Thanks!

[prusnak]

No, nothing has changed. The issue sounds like a HWI issue - are you on the latest version HWI?

[moneymanolis]

Yes, we are using hwi==2.1.1, I double checked on Trezor Suite, no issues there. So, yes, most likely a HWI issue. I will try with the version before the upgrade to hwi 2.1.1. @craigraw do you also have this issue in Sparrow?

[moneymanolis]

Update: I tested with hwi==2.1.0 - same issue. Waiting on Craig's answer, if he has the same problem, I will raise an issue with HWI.

[craigraw]

HWI does not allow empty passphrases, even though they are often employed when a single Trezor is used for multiple wallets. You have to disable the passphrase to access the empty passphrase wallet. This has been raised on Sparrow's repo as well: https://github.com/sparrowwallet/sparrow/issues/240

I've had a TODO since forever to add an HWI issue on this. If you can raise one I'd be grateful.

[prusnak]

Reported to HWI as https://github.com/bitcoin-core/HWI/issues/639

[moneymanolis]

@prusnak thanks for opening the issue and thanks @craigraw for the quick reply.